Records management (RM) generally refers to approaches to controlling and governing key records of an organization (e.g. an enterprise, a company, a university, or the like, including subordinate organizations within other organization) throughout the lifecycle of a record, which includes the period from when a record is first created by or provided to an organization to the eventual disposal of the record. Elements of records management can include identifying, classifying, prioritizing, storing, securing, archiving, preserving, retrieving, tracking, and destroying of records. These activities are typically part of a broader set of requirements associated with governance, risk, and compliance (GRC) activities performed by the organization, and are generally related to maintaining and securing records and evidence of the organization's business activities, etc. as well as the reduction or mitigation of risk that may be associated with such evidence.
Records management can be a crucial function within an organization, but also one that can be difficult to implement due to added burdens placed on users by requirements for compliance with records management protocols. Well-implemented approaches to records management can provide benefits such as improving efficiency and productivity, ensuring regulatory compliance, minimizing litigation risks, safeguarding important (or even vital) information, supporting improved decision making by an organization's management, preserving the organization's institutional memory, fostering improved document organization, etc. However, these benefits can be difficult to achieve for various reasons, including the reliance of many aspects of existing records management approaches upon a certain level of training, adoption, and regular implementation of a set of records management procedures by users at the organization. If users do not properly adopt and implement the necessary procedures, a records management approach can fail to achieve the various goals and to provide the intended benefits. Alternatively, hard enforcement of records management procedures in a manner that ensures compliance but that requires additional user actions beyond normal day to day work can hinder productivity as users are required to carry extra workload, and thereby devote time and attention to these extra tasks that could be more productively used for other tasks, simply to comply with such procedures.
As used herein, the term “record” refers generally to something that represents proof of existence and that can be used to recreate or prove state of existence, regardless of medium or characteristics. A record can be created or received by an organization in pursuance of or compliance with legal obligations, in the transaction of business, etc. A record can be a tangible object, such as a paper document (e.g. a birth certificate; a driver license; a physical copy of a medical x-rays, a contract, etc.) or digital information, such as electronic office documents, data in application databases, web site content, and electronic mail (email). Unlike tangible records, however, with digital records it can be more difficult to ensure authenticity, reliability, trustworthiness, etc. For example, the absence of a tangible equivalent of a digital information record can complicate processes for preserving and protecting the content, the context, the structure, etc. of such records.
Once a record is created, one or more of an owner of the record, a records repository, an authorized user, a records management team member, or the like can set records controls to regulate access to and distribution of the record. Records controls, as referred to herein, can include one or more records management policies, procedures, rules, etc., which can pertain to access privileges, records lifecycle management, and the like. For example, privileges can be set (e.g. by an administrator, manager, etc.) on a repository to allow users having certain roles to access particular records stored in the repository. Lifecycle management, records management, or other software-based architectures can be used to identify original records, versions of records, copies of records, and distribution histories of records. Records maintenance can be accomplished by formally and discretely identifying records (e.g. by coding and storing records in folders or other file plan hierarchies specifically designed for protection and storage capacity, by informally identifying and filing without indexing, or by other approaches.
Content management is a related field to records management. However, the two approaches are not always compatible and are sometimes at odds with one another. A content management system (CMS) suitable for managing the various content items that an organization produces or receives, retains or otherwise stores, manipulates or modifies, etc. can support the requirements of one or more applications, and optionally other requirements, to provide a coherent solution in which content and management processes are capable of accessing content across a variety of applications subject to access controls, permissions, and the like. Content items managed by a content management system can include one or more of files, documents, images, photos, Web pages, records, XML documents, other unstructured or semi-structured files, etc., as well as directory structures such as folders, file trees, file plans, or the like, which can provide organization for multiple content items in addition to storing or otherwise representing relationships between content items, etc. For simplicity, the term “document” is used generically herein to refer to all types of content items handled by a content management system, while “record” refers to a content item that has been put under the control of a records management system.
A content management system can manage one or more of the actual digital content of a document, the metadata that describes a context of the document, associations between the document and other content or documents, a place and classification of the document in a repository, indexes for finding and accessing documents, etc. The content management system can also manage processes and lifecycles of documents to ensure that this information is correct. The content management system can also manage one or more workflows for capturing, manipulating, editing, storing, and distributing documents, as well as the lifecycle for how long a document will be retained and what happens after that retention period.
A content management system for use in enterprise content management can include one or more of document management tools, applications, and interfaces to support general office work, search, and discovery. Workflow management capabilities of a content management system can support various business processes, optionally including, but not limited to, case management and review and approval. Collaboration applications and services of a content management system can support the collaborative development of information and knowledge in the creation and refinement of content and documents. Web content management services of a content management system, which can be scalable, can support the delivery and deployment of content and documents from the enterprise to users (e.g. end users of content, customers of the enterprise, etc.). Records management capabilities of a content management system can capture and preserve records based upon government-approved or other standards. A standards-based platform can also provide access to applications that use these standards, such as publishing, image management, email management, etc.
Currently available approaches to coordinating records management with content management systems typically involve moving a document from a content management system repository to a records management repository when the document is designated or otherwise classified as a record. A records management team can manage policies for the records retained at the records management repository. However, such an approach can have the undesirable effect of requiring users to understand operation and navigation of a separate records management system to access documents that they had previously authored, accessed, modified, had read permissions for, etc. on the content management system after those documents are designated as records and moved to the separate records management system.
Other approaches involving “in-place” records management can include leaving documents in existing locations on one or more content management systems but placing control for the documents under the control of a separate records management system that includes a common data model configured to interact with the architectures of the one or more content management systems and to define and enforce records management policies on data, documents, etc. in the different data storage systems. Such an approach can be useful from the perspective of a records management team, for example because use of a common data model requires a records manager to understand only a single data model. However, such an approach can still require extraction of documents from one or more content management systems to a secured records management repository to perform important records management functions such as legal holds, archiving, and the like.